Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230392e302f32342d3234203d3e203533333536.roa
File:                     38352e3233372e3230392e302f32342d3234203d3e203533333536.roa (raw, json)
Hash identifier:          HefMu0eW1ZoW+s5Hzj0srJP4AL6Hz5/c9kuqEueUt60=
Subject key identifier:   8B:53:A9:10:0D:EC:CB:04:9E:F4:AA:A0:35:CA:B1:0A:59:6D:18:00
Certificate issuer:       /CN=dc943cc2a7cdc378a37702573bb4f821170b530d
Certificate serial:       76656313F7EE871432220ED6D02E1D36B9A268D0
Authority key identifier: DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230392e302f32342d3234203d3e203533333536.roa
Signing time:             Sat 18 Jan 2025 01:37:38 +0000
ROA not before:           Sat 18 Jan 2025 01:32:38 +0000
ROA not after:            Sat 17 Jan 2026 01:37:38 +0000
asID:                     53356
IP address blocks:        85.237.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Feb 2025 05:53:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:65:63:13:f7:ee:87:14:32:22:0e:d6:d0:2e:1d:36:b9:a2:68:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc943cc2a7cdc378a37702573bb4f821170b530d
        Validity
            Not Before: Jan 18 01:32:38 2025 GMT
            Not After : Jan 17 01:37:38 2026 GMT
        Subject: CN=8B53A9100DECCB049EF4AAA035CAB10A596D1800
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:61:a3:9f:5a:65:52:7b:80:5b:10:67:14:3f:
                    98:c5:cd:cf:97:01:66:01:8b:2d:9e:26:e8:29:a5:
                    be:b0:a6:3a:19:50:57:03:91:4a:9c:06:ca:79:fe:
                    b2:d1:7e:d2:c0:9d:f4:a5:24:07:38:fb:bc:e4:d5:
                    60:8c:0e:da:3c:71:9f:4f:3d:d1:c1:f4:b6:f2:c2:
                    8f:74:8f:6c:71:56:fc:be:fe:1e:a5:3f:61:06:a7:
                    4a:aa:b7:7f:f3:21:ab:fa:c3:7b:c5:51:b0:30:d6:
                    32:a4:f1:36:72:b1:e8:2b:4b:89:81:e4:9d:43:3c:
                    fc:10:a5:df:0a:e5:4f:e7:2d:10:19:38:26:04:8e:
                    1f:22:41:ce:60:e8:a3:d3:6f:69:09:d8:43:46:e5:
                    45:dd:e1:6d:de:22:c7:ec:76:fe:b4:b6:8c:b2:44:
                    bd:0a:56:b2:d1:f2:55:95:8a:c5:f9:f7:1f:bb:75:
                    d5:69:94:3c:c1:c5:6e:eb:ac:97:af:60:7e:66:48:
                    7a:a0:56:4e:6f:f8:87:ed:71:1c:07:f5:d7:b4:e4:
                    35:7b:65:e4:cf:16:92:ba:f3:e2:fa:ba:69:5f:82:
                    5f:4b:4b:11:e2:e3:83:42:0d:d5:05:c0:8e:68:62:
                    18:57:5c:c3:ab:ee:77:e0:b8:2a:78:23:70:38:5d:
                    68:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:53:A9:10:0D:EC:CB:04:9E:F4:AA:A0:35:CA:B1:0A:59:6D:18:00
            X509v3 Authority Key Identifier:
                keyid:DC:94:3C:C2:A7:CD:C3:78:A3:77:02:57:3B:B4:F8:21:17:0B:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/DC943CC2A7CDC378A37702573BB4F821170B530D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JQ8wqfNw3ijdwJXO7T4IRcLUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ab0722f-64d8-4ca9-9267-4e5154434101/0/38352e3233372e3230392e302f32342d3234203d3e203533333536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:41:b9:cc:e4:d2:e5:3d:e3:a8:95:50:8c:6e:33:0b:7e:a0:
         5d:e2:ea:c0:48:70:da:4f:29:22:28:e1:12:4f:3b:9c:5a:15:
         9d:ba:6e:24:88:dc:96:8f:d7:61:18:c9:77:01:10:62:52:36:
         95:0b:10:d1:71:10:f6:bd:e6:96:04:34:7c:26:9d:51:33:cc:
         bc:95:ed:7d:1b:dd:33:57:44:37:16:9b:fb:99:76:11:dd:84:
         68:3a:fc:be:16:de:5e:0b:d3:8d:4b:fe:b2:ba:03:52:bb:54:
         90:e0:c8:ec:61:a7:03:a6:f8:6f:3e:f2:2d:41:54:e8:78:68:
         bd:03:b3:3a:81:bb:0b:a1:61:3b:4e:f5:1a:e2:02:c8:9f:70:
         46:0b:8e:61:b1:31:5a:61:c7:f2:54:e2:e6:63:dc:e4:d1:21:
         bb:47:8b:4e:28:50:a7:a2:72:04:45:6d:07:7f:f1:b1:af:ef:
         ee:dc:7a:0a:62:af:27:f4:af:81:62:0d:b1:36:eb:d4:16:c8:
         6d:ae:77:b0:2b:1d:c9:72:c2:bd:fb:58:85:7b:ed:cd:c2:e1:
         d3:b6:1c:2a:04:66:69:81:70:b8:90:4f:77:98:8d:5b:4e:59:
         b5:6f:2c:c8:27:b6:eb:4a:e1:fe:2a:86:f5:6c:3c:cf:e2:f4:
         72:b0:ca:02
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUdmVjE/fuhxQyIg7W0C4dNrmiaNAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM5NDNjYzJhN2NkYzM3OGEzNzcwMjU3M2JiNGY4MjEx
NzBiNTMwZDAeFw0yNTAxMTgwMTMyMzhaFw0yNjAxMTcwMTM3MzhaMDMxMTAvBgNV
BAMTKDhCNTNBOTEwMERFQ0NCMDQ5RUY0QUFBMDM1Q0FCMTBBNTk2RDE4MDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnYaOfWmVSe4BbEGcUP5jFzc+X
AWYBiy2eJugppb6wpjoZUFcDkUqcBsp5/rLRftLAnfSlJAc4+7zk1WCMDto8cZ9P
PdHB9Lbywo90j2xxVvy+/h6lP2EGp0qqt3/zIav6w3vFUbAw1jKk8TZysegrS4mB
5J1DPPwQpd8K5U/nLRAZOCYEjh8iQc5g6KPTb2kJ2ENG5UXd4W3eIsfsdv60toyy
RL0KVrLR8lWVisX59x+7ddVplDzBxW7rrJevYH5mSHqgVk5v+IftcRwH9de05DV7
ZeTPFpK68+L6umlfgl9LSxHi44NCDdUFwI5oYhhXXMOr7nfguCp4I3A4XWg3AgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUi1OpEA3sywSe9KqgNcqxClltGAAwHwYDVR0j
BBgwFoAU3JQ8wqfNw3ijdwJXO7T4IRcLUw0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYtNjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0
MTAxLzAvREM5NDNDQzJBN0NEQzM3OEEzNzcwMjU3M0JCNEY4MjExNzBCNTMwRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNKUTh3cWZOdzNpamR3SlhPN1Q0SVJj
TFV3MC5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmFiMDcyMmYt
NjRkOC00Y2E5LTkyNjctNGU1MTU0NDM0MTAxLzAvMzgzNTJlMzIzMzM3MmUzMjMw
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMzMzMzNTM2LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
Ve3RMA0GCSqGSIb3DQEBCwUAA4IBAQA7QbnM5NLlPeOolVCMbjMLfqBd4urASHDa
TykiKOESTzucWhWdum4kiNyWj9dhGMl3ARBiUjaVCxDRcRD2veaWBDR8Jp1RM8y8
le19G90zV0Q3Fpv7mXYR3YRoOvy+Ft5eC9ONS/6yugNSu1SQ4MjsYacDpvhvPvIt
QVToeGi9A7M6gbsLoWE7TvUa4gLIn3BGC45hsTFaYcfyVOLmY9zk0SG7R4tOKFCn
onIERW0Hf/Gxr+/u3HoKYq8n9K+BYg2xNuvUFshtrnewKx3JcsK9+1iFe+3NwuHT
thwqBGZpgXC4kE93mI1bTlm1byzIJ7brSuH+Kob1bDzP4vRysMoC
-----END CERTIFICATE-----
Generated at Fri Feb 14 14:47:47 2025 by rpki-client